{"id":"GHSA-rgjg-66cx-5x9m","summary":"Grafana Authentication Bypass","details":"Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.\n\n### Specific Go Packages Affected\ngithub.com/grafana/grafana/pkg/api","aliases":["CVE-2018-15727","GO-2022-0707"],"modified":"2024-08-21T15:58:33.883991Z","published":"2022-02-15T01:57:18Z","database_specific":{"nvd_published_at":null,"github_reviewed_at":"2021-05-20T21:09:16Z","cwe_ids":["CWE-287"],"severity":"CRITICAL","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15727"},{"type":"WEB","url":"https://github.com/grafana/grafana/commit/7baecf0d0deae0d865e45cf03e082bc0db3f28c3"},{"type":"WEB","url":"https://github.com/grafana/grafana/commit/df83bf10a225811927644bdf6265fa80bdea9137"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2018:3829"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2019:0019"},{"type":"WEB","url":"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix"},{"type":"WEB","url":"https://www.securityfocus.com/bid/105184"}],"affected":[{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"4.6.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rgjg-66cx-5x9m/GHSA-rgjg-66cx-5x9m.json"}},{"package":{"name":"github.com/grafana/grafana","ecosystem":"Go","purl":"pkg:golang/github.com/grafana/grafana"},"ranges":[{"type":"SEMVER","events":[{"introduced":"5.0.0"},{"fixed":"5.2.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-rgjg-66cx-5x9m/GHSA-rgjg-66cx-5x9m.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}